steampipe plugin install splunk

Table: splunk_app - Query Splunk Apps using SQL

Splunk Apps are applications that are designed to enhance and extend the functionality of the Splunk platform. These apps provide features like dashboards, reports, alerts, data inputs, and workflows, tailored for specific use-cases or data sources. They are a crucial part of the Splunk ecosystem, enabling users to customize and optimize their data analysis and visualization.

Table Usage Guide

The splunk_app table provides insights into the applications available in the Splunk environment. As a data analyst or a security professional, you can explore app-specific details through this table, including the app version, description, and visibility. Utilize it to uncover information about the apps, such as their configuration, status, and the data sources they are designed to handle.

Examples

Basic info

Explore the basic details of your Splunk applications such as their names, versions, and authors. This can help in tracking the app updates and understanding the source of each application.

select
  name,
  version,
  author
from
  splunk_app;

List apps that are not visible

Determine the apps that are hidden or not readily visible to users, useful for understanding which applications may not be fully accessible or utilized within your system.

Postgres:

select
  name,
  version,
  author,
  visible
from
  splunk_app
where
  not visible;

SQLite:

select
  name,
  version,
  author,
  visible
from
  splunk_app
where
  visible = 0;

List disabled apps

Identify the apps that are disabled to understand their impact on the system's functionality. This can be useful in identifying potential issues or areas for improvement in the system's performance.

Postgres:

select
  name,
  version,
  author,
  disabled
from
  splunk_app
where
  disabled;

SQLite:

select
  name,
  version,
  author,
  disabled
from
  splunk_app
where
  disabled = 1;

List apps with auto-update check enabled

Find the apps that have the auto-update check enabled. This can assist in maintaining up-to-date applications and ensuring the latest features and security measures are in place.

Postgres:

select
  name,
  version,
  author,
  check_for_updates
from
  splunk_app
where
  check_for_updates;

SQLite:

select
  name,
  version,
  author,
  check_for_updates
from
  splunk_app
where
  check_for_updates = 1;
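
The visibility and update-check filters from the examples above can be combined into a single review list of enabled apps. The query below is an added example, not part of the plugin documentation; it uses Postgres syntax and only columns from the schema on this page, and the 365-day staleness threshold and the review_reasons column are assumptions chosen for illustration.

```sql
-- Added example (Postgres syntax): enabled apps that merit a manual review,
-- with the reasons collected into one column.
with flagged as (
  select
    name,
    version,
    author,
    updated,
    -- NULL is treated as "no update check" so unknown values are not skipped
    check_for_updates is not true as no_update_check,
    visible is false as hidden,
    -- 365 days is an assumed threshold; adjust to your patch policy
    updated < now() - interval '365 days' as stale
  from
    splunk_app
  where
    disabled is not true
)
select
  name,
  version,
  author,
  updated,
  -- concat_ws skips NULLs, so only the reasons that apply are listed
  concat_ws(
    ', ',
    case when no_update_check then 'no Splunkbase update check' end,
    case when hidden then 'hidden from Splunk Web' end,
    case when stale then 'not updated in 365 days' end
  ) as review_reasons
from
  flagged
where
  no_update_check
  or hidden
  or stale
order by
  updated asc nulls first;
```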

Schema for splunk_app

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| acl | jsonb | | Access Control List for the app. |
| author | text | | Author of this object in the system. |
| check_for_updates | boolean | | If true, then check Splunkbase for app updates. |
| configured | boolean | | If true, then Custom app setup is complete. |
| core | boolean | | |
| description | text | | App description. |
| details | text | | URL to use for detailed information about the app. |
| disabled | boolean | | If true, the app is disabled. |
| id | text | | ID of the app. |
| label | text | | App name. |
| links | jsonb | | Links for the app resource. |
| managed_by_deployment_client | boolean | | |
| name | text | = | Name of the app. |
| show_in_nav | boolean | | |
| state_change_requires_restart | boolean | | |
| updated | timestamp with time zone | | Time when the app was last updated. |
| version | text | | App version. |
| visible | boolean | | If true, app is visible and navigable from Splunk Web. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- splunk

You can pass the configuration to the command with the --config argument:

steampipe_export_splunk --config '<your_config>' splunk_app